Holistic Strategy-Based Threat Model for Organizations
Meinig, Michael; Sukmana, M. I. H.; Torkura, K. A.; Meinel, Christoph
Proceedings of the 10th International Conference on Ambient Systems, Networks and Technologies (ANT 2019)
Data breaches, privacy violations and cyber-attacks are growing problems for companies and governmental organizations. Threat modelling serves as a heuristic procedure for the methodological validation of organizations, system designs and software architectures in order to identify threats. The earlier this happens in the design process, the more cost-effective it is to identify and fix security vulnerabilities, which in turn reduces the possibility of a risk materializing. Classical literature sources and Internet sources offer different representations of attacker strategies and threat classifications. It is often difficult to apply these schemes to one’s own organization, and their size often makes them comprehensible only to experts. In order to improve the understanding of security threats, particularly at the management levels, we provide a structured overview of the most common threat classification schemes and propose a classification model focusing on threats that first considers the specific organization and, in a further step, presents the courses of action of an attacker in this organization.